Subnetting isn't just for conserving IP addresses; it is the foundational mechanism for network segmentation. Proper CIDR allocation defines the blast radius of a potential breach.
A /24 subnet provides 254 usable hosts. If a malware outbreak occurs in a /24, the infection is logically contained to that specific broadcast domain, provided inter-VLAN routing is strictly controlled.
💡 Pro-tip: Always reserve specific CIDR blocks for administrative jump hosts and out-of-band management networks to ensure access during a localized outage.
```
ipcalc -b 192.168.10.0/26
```
This calculates the broadcast address and usable host range for a /26 subnet, helping you verify that your security zones don't overlap.
Broadcast traffic (like ARP requests) is confined to a single subnet. By sizing subnets appropriately, you limit the noise and visibility an attacker has when performing local reconnaissance scans.
⚠️ Avoid using overly large subnets (e.g., /16) for user VLANs. A flat network allows ransomware to propagate instantly to thousands of endpoints.
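
An added example (not part of the original lesson) that runs the overlap check and the subnet-size warning above across a whole zone plan with Python's standard `ipaddress` module. The zone names, address ranges and the /24 limit for user segments are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed zone plan (assumed names and ranges, not from the original page).
ZONES = {
    "user-vlan": "192.168.10.0/26",
    "dmz": "192.168.10.64/28",
    "mgmt-oob": "192.168.10.48/28",   # deliberately placed inside user-vlan
    "p2p-uplink": "192.168.10.80/30",
    "legacy-users": "10.20.0.0/16",   # flat, oversized user segment
}
MIN_USER_PREFIX = 24  # assumed policy: user segments no larger than a /24


def parse_plan(zones):
    """Parse strictly: a CIDR with host bits set raises ValueError."""
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in zones.items()}


def summarize(net):
    """Return (first host, last host, broadcast, usable count), excluding network/broadcast."""
    usable = max(net.num_addresses - 2, 0)
    return net.network_address + 1, net.broadcast_address - 1, net.broadcast_address, usable


def find_overlaps(plan):
    """Return sorted pairs of zone names whose address ranges intersect."""
    return sorted(
        tuple(sorted((a, b)))
        for (a, na), (b, nb) in combinations(plan.items(), 2)
        if na.overlaps(nb)
    )


def oversized(plan, user_zones, min_prefix=MIN_USER_PREFIX):
    """Return user zones whose prefix is shorter (network larger) than policy allows."""
    return sorted(n for n in user_zones if plan[n].prefixlen < min_prefix)


if __name__ == "__main__":
    plan = parse_plan(ZONES)
    for name, net in plan.items():
        first, last, bcast, count = summarize(net)
        print(f"{name:13} {str(net):18} hosts {first}-{last} bcast {bcast} usable {count}")
    for a, b in find_overlaps(plan):
        print(f"OVERLAP: {a} <-> {b}")
    for name in oversized(plan, ["user-vlan", "legacy-users"]):
        print(f"OVERSIZED user segment: {name} ({plan[name]})")
```
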
| CIDR | Usable Hosts | Security Use Case |
|---|---|---|
| /30 | 2 | Point-to-Point Links |
| /24 | 254 | Standard User VLAN |
| /28 | 14 | DMZ / Management |